Skip to main content

HackerOne Blog

Read the HackerOne blog to learn strategies for strengthening your attack resistance with help from highly skilled ethical hackers. Improve your security profile and stay up to date on industry trends and emerging threats.

DevSecOps Pipeline
Application Security

5 Security Stages of the DevSecOps Pipeline

DevSecOps builds on modern DevOps practices by incorporating security processes and automation into the development pipeline. This enables development...

DevSecOps Pipeline
Application Security

5 Security Stages of the DevSecOps Pipeline

DevSecOps builds on modern DevOps practices by incorporating security processes and automation into the...

DevOps DevSecOps
Application Security

DevSecOps vs DevOps: What is the Difference?

DevSecOps can dramatically reduce cyber risk for organizations—particularly those that rely on internal...

Overlooked Server Permissions
Application Security

The Most Overlooked Server Permission Checks

We previously looked at common server authentication issues we see in code review and offered tips to avoid...
HackerOne Blog
Vulnerability Management

HackerOne’s In-Depth Approach to Vulnerability Triage and Validation

Like triaging in a hospital emergency room, security issues must be diagnosed and handled by an expert as soon...
How Bug Bounty Uncovered A 5-Year-Old Vulnerability In Hours
Ethical Hacker, Vulnerability Management

How Bug Bounty Uncovered A 5-Year-Old Vulnerability In Hours

When PullRequest was acquired, these concerns became HackerOne’s challenges. When we finalized the acquisition...
CISOs: Do You Know M&A Security Risks?
Vulnerability Management

CISOs: Do You Know the Security Risks of Your Organization's Next M&A?

An ever-expanding attack surface is a global concern for most organizations and complicates an M&A, especially...

Common Security Issues
June 10th, 2022

The Top 5 Most Common Security Issues I Discover When Reviewing Code

NOTE: The following code examples have been contrived to provide detailed, illustrative representations of...
Catching Injection Vulnerabilities
Vulnerability Management

How to Catch Injection Security Vulnerabilities in Code Review

Injection vulnerabilities result from insecure handling of user inputs. They are relatively simple to fix once...